Sql injection

2012-01-2904:04:00

PRIOn knowledge base

www.prio-n.com

9.2 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

66.1%

JSON

Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.64 allow remote attackers to execute arbitrary SQL commands via the (1) exc[] parameter to report_marketing.php, (2) selected[] parameter to tasks.php, (3) sites[] parameter to billable_incidents.php, or (4) search_string parameter to search.php. NOTE: some of these details are obtained from third party information.

CPENameOperatorVersion
support_incident_trackereq3.45 beta1
support_incident_trackereq3.35
support_incident_trackereq3.62
support_incident_trackereq3.30
support_incident_trackereq3.33
support_incident_trackereq3.41
support_incident_trackereq3.22
support_incident_trackereq3.51
support_incident_trackereq3.32
support_incident_trackereq3.61

Name	Operator	Version
support_incident_tracker	eq	3.45 beta1
support_incident_tracker	eq	3.35
support_incident_tracker	eq	3.62
support_incident_tracker	eq	3.30
support_incident_tracker	eq	3.33
support_incident_tracker	eq	3.41
support_incident_tracker	eq	3.22
support_incident_tracker	eq	3.51
support_incident_tracker	eq	3.32
support_incident_tracker	eq	3.61